Jellyfin critical security update - This is not a joke (github.com)
Mubelotix@jlai.lu to Selfhosted@lemmy.world · English · 13 hours ago · cross-posted to: piracy@lemmy.dbzer0.com

burghler@sh.itjust.works · 13 hours ago
Wonder if it’s the Axios one. Sounds like it isn’t from their description though hmm

doeknius_gloek@discuss.tchncs.de · 12 hours ago
I don’t think so, the previous release 10.11.6 is a few months old and the axios supply chain attack happened yesterday.

Strit@lemmy.linuxuserspace.show · 12 hours ago
So let’s hope this 10.11.7 is not subject to the axios one. :)

rollerbang@lemmy.world · 12 hours ago
Diff agrees, not likely. Might be permission related, elevation of privileges.

sudoMakeUser@sh.itjust.works · 8 hours ago
Axios is a JavaScript library and Jellyfin is written in C#.

dvlsg@lemmy.world · 6 hours ago (edited)
True, but there is a web frontend. Possible it could be using npm and axios somewhere in there. I still doubt it. But it could happen.

sudoMakeUser@sh.itjust.works · 6 hours ago
The web server is in C#. It’s open source lol, I’m looking at the code and there’s no JavaScript.

Mubelotix@jlai.lu (OP) · 5 hours ago
Look better https://github.com/jellyfin/jellyfin-web

sudoMakeUser@sh.itjust.works · 5 hours ago
That’s awkward. I didn’t know that was in a separate repo.